Merge pull request #15 from alejandrovich/master

pitbulk · pitbulk · commit 992eaa3150ee · 2016-04-01T15:57:34.000+02:00
passing NameQualifier through to logout request
diff --git a/src/onelogin/saml2/auth.py b/src/onelogin/saml2/auth.py
@@ -291,7 +291,7 @@ def login(self, return_to=None, force_authn=False, is_passive=False):
             self.add_request_signature(parameters, security['signatureAlgorithm'])
         return self.redirect_to(self.get_sso_url(), parameters)
 
-    def logout(self, return_to=None, name_id=None, session_index=None):
+    def logout(self, return_to=None, name_id=None, session_index=None, nq=None):
         """
         Initiates the SLO process.
 
@@ -304,6 +304,9 @@ def logout(self, return_to=None, name_id=None, session_index=None):
         :param session_index: SessionIndex that identifies the session of the user.
         :type session_index: string
 
+        :param nq: IDP Name Qualifier
+        :type: string
+
         :returns: Redirection url
         """
         slo_url = self.get_slo_url()
@@ -316,7 +319,12 @@ def logout(self, return_to=None, name_id=None, session_index=None):
         if name_id is None and self.__nameid is not None:
             name_id = self.__nameid
 
-        logout_request = OneLogin_Saml2_Logout_Request(self.__settings, name_id=name_id, session_index=session_index)
+        logout_request = OneLogin_Saml2_Logout_Request(
+            self.__settings,
+            name_id=name_id,
+            session_index=session_index,
+            nq=nq
+        )
 
         parameters = {'SAMLRequest': logout_request.get_request()}
         if return_to is not None:
diff --git a/src/onelogin/saml2/logout_request.py b/src/onelogin/saml2/logout_request.py
@@ -24,7 +24,7 @@ class OneLogin_Saml2_Logout_Request(object):
 
     """
 
-    def __init__(self, settings, request=None, name_id=None, session_index=None):
+    def __init__(self, settings, request=None, name_id=None, session_index=None, nq=None):
         """
         Constructs the Logout Request object.
 
@@ -39,6 +39,9 @@ def __init__(self, settings, request=None, name_id=None, session_index=None):
 
         :param session_index: SessionIndex that identifies the session of the user.
         :type session_index: string
+
+        :param nq: IDP Name Qualifier
+        :type: string
         """
         self.__settings = settings
         self.__error = None
@@ -70,7 +73,8 @@ def __init__(self, settings, request=None, name_id=None, session_index=None):
                 name_id,
                 sp_name_qualifier,
                 name_id_format,
-                cert
+                cert,
+                nq=nq,
             )
 
             if session_index:
diff --git a/src/onelogin/saml2/utils.py b/src/onelogin/saml2/utils.py
@@ -523,7 +523,7 @@ def format_finger_print(fingerprint):
         return formated_fingerprint.lower()
 
     @staticmethod
-    def generate_name_id(value, sp_nq, sp_format, cert=None, debug=False):
+    def generate_name_id(value, sp_nq, sp_format, cert=None, debug=False, nq=None):
         """
         Generates a nameID.
 
@@ -544,13 +544,18 @@ def generate_name_id(value, sp_nq, sp_format, cert=None, debug=False):
 
         :returns: DOMElement | XMLSec nameID
         :rtype: string
+
+        :param nq: IDP Name Qualifier
+        :type: string
         """
 
         root = OneLogin_Saml2_XML.make_root("{%s}container" % OneLogin_Saml2_Constants.NS_SAML)
         name_id = OneLogin_Saml2_XML.make_child(root, '{%s}NameID' % OneLogin_Saml2_Constants.NS_SAML)
         if sp_nq is not None:
             name_id.set('SPNameQualifier', sp_nq)
         name_id.set('Format', sp_format)
+        if nq is not None:
+            name_id.set('NameQualifier', nq)
         name_id.text = value
 
         if cert is not None:
diff --git a/tests/src/OneLogin/saml2_tests/utils_test.py b/tests/src/OneLogin/saml2_tests/utils_test.py
@@ -459,6 +459,42 @@ def testGetExpireTime(self):
         self.assertNotEqual('3311642371', OneLogin_Saml2_Utils.get_expire_time('PT360000S', '2074-12-10T04:39:31Z'))
         self.assertNotEqual('3311642371', OneLogin_Saml2_Utils.get_expire_time('PT360000S', 1418186371))
 
+    def _generate_name_id_element(self, name_qualifier):
+        name_id_value = 'value'
+        entity_id = 'sp-entity-id'
+        name_id_format = 'name-id-format'
+
+        raw_name_id = OneLogin_Saml2_Utils.generate_name_id(
+            name_id_value,
+            entity_id,
+            name_id_format,
+            nq=name_qualifier,
+        )
+        parser = etree.XMLParser(recover=True)
+        return etree.fromstring(raw_name_id, parser)
+
+    def testNameidGenerationIncludesNameQualifierAttribute(self):
+        """
+        Tests the inclusion of NameQualifier in the generateNameId method of the OneLogin_Saml2_Utils
+        """
+        idp_name_qualifier = 'idp-name-qualifier'
+        idp_name_qualifier_attribute = ('NameQualifier', idp_name_qualifier)
+
+        name_id = self._generate_name_id_element(idp_name_qualifier)
+
+        self.assertIn(idp_name_qualifier_attribute, name_id.attrib.items())
+
+    def testNameidGenerationDoesNotIncludeNameQualifierAttribute(self):
+        """
+        Tests the (not) inclusion of NameQualifier in the generateNameId method of the OneLogin_Saml2_Utils
+        """
+        idp_name_qualifier = None
+        not_expected_attribute = 'NameQualifier'
+
+        name_id = self._generate_name_id_element(idp_name_qualifier)
+
+        self.assertNotIn(not_expected_attribute, name_id.attrib.keys())
+
     def testGenerateNameIdWithSPNameQualifier(self):
         """
         Tests the generateNameId method of the OneLogin_Saml2_Utils
